Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1: Project Organization
People Determine Success
Who Are the People?
How to Satisfy?
Projects Have Three Dimensions
Requirements
The Development Team
Hiring the Best
The Schedule
Scheduling the Unknowable
A Scheduling Example
Why Projects Fail
Poor Requirements
Weak Team
Failure to Prototype High-Risk Features
Bad Design
Poor Development Processes
Changed Priorities
Sabotage
Managing the Project
Dividing the Work
Exploiting Database Centricity
Assigning Components to People
The Workplace
Issue Tracking
Legal Matters
Have a Written Contract
Know Who Owns What
Watch Out for License Entanglements
Involving a Lawyer
Getting Paid
Invoicing
Collecting
Chapter Summary
Chapter 2: Requirements
Outline of the Requirements Document
Rough First Draft: Scope Without Detail
A Closer Look at the Requirements Sections
When the Requirements Change
Logging Requirements Changes
Modifying the Requirements Document
Use Cases
Requirements War Stories
The Runaway Developer
The Arzano Ranch
Agile Requirements
Chapter Summary
Chapter 3: Platforms and Tools
Client-Server Architecture
Server Platform
The LAMP Stack
Server Operating System
Web Server
Database System
Server Programming Language
Client Platform
Client Operating System
Browsers
Client Programming Languages
Development Platform and Tools
Development Operating System
Installing a Web Server, MySQL, and PHP
Editors and IDEs
Transferring Files
Debugging Tools
Testing Tools
Version Control
Issue Tracker
Hosting Alternatives
Commercial Shared-Hosting Services
Hosting Scalability
Users, Groups, and Permissions
Cloud Servers
Installing New Versions
Doing It Wrong
Doing It Right
Chapter Summary
Chapter 4: The Database
Relational Databases
SQL
Some History
SQL Statements
What a Select Statement Does
Joining Tables
Expressions and Stored Procedures
Further Reading About SQL
Entity-Relationship Modeling
ER Diagrams
ER Design Tools and MySQL Workbench
The ER Design Process
Identifying the Entities
Identifying Relationships and Their Semantic Information
Defining the Attributes
Deciding on Primary Keys
Foreign Keys
Subtypes
Physical Design
From ER Diagram to Physical Design
NULLs
Normalization
First Normal Form (1NF)
Second and Third Normal Forms (2NF and 3NF)
Fourth Normal Form (4NF)
Constraints
MySQL Constraints
Constraints with MySQL Triggers
Transactions
Database Security
Backup and Recovery
Network Security
Access Control
Performance Optimization
Do You Have a Good Database?
Developing an Object-Relational Mapping Layer
Chapter Summary
Chapter 5: Application Structure
Accessing MySQL from PHP
Connecting with PDO
Database Credentials
Executing SQL Statements with PDO
Handling Database Inserts and Updates
PHP-Browser Interaction
How HTTP Works
PHP and Forms
Integrating Forms and Databases
Choosing Between GET and POST
PHP Sessions
A Page Framework
Page Structure
Page Framework Usage
Page Framework Files
Page Framework Implementation
Session Transitions and Login Pages
Dealing with Relationships
Forms with Foreign Keys
Handling Many-to-Many Relationships
Chapter Summary
Chapter 6: Security, Forms, and Error Handling
PHP Security Overview
The Computer Has to Be Secured
Password Strength
Hashing Passwords
Storing Hashed Passwords
Two-Factor Authentication
SQL Injection
Cross-Site Scripting
Cross-Site Request Forgery
Clickjacking
Reversed CSS Attacks
Submitting Requests with POST
Security Summary
Forms
Basic Form Class
Text Fields, Labels, and Buttons
Foreign Keys
Check Boxes
Radio Buttons and Menus
Dates
Password-Strength Feedback
The User Table and Password Management
The User Table
User Table Constraints
The Security Class
Getting Hashes from the Database
Checking the Password and Verification Token
Logging In and Handling Forgotten Passwords
Logging In with the Login Form (Phase 1)
HTTP Authentication
Verifying the Login (Phase 2)
Sending an Authentication Code
Checking the Verification Code and Completing 2FA Phase 2
Temporary Passwords
Changing a Password
Using a YubiKey for 2FA Phase 2
Setting the YubiKey Identifier
Verifying a YubiKey OTP
Comparing SMS/Voice and YubiKey
Error Handling
Error Message Usability
Catching Errors
Logging Errors
Hiding Errors
Translating Errors
Chapter Summary
Chapter 7: Reports and Other Outputs
Queries as Reports
Role-Based Access Control
RBAC in MySQL
RBAC Database Tables
Implementing RBAC with the Access Class
Hierarchy of Access
The Report Class: HTML and CSV Output
Report::html Method
About Character Sets
Report::csv Method
Generating PDFs from PHP
About PDFs and PDF Libraries
A Simple FPDF Example
FPDF Drawing Methods
FPDF::MultiCell Method
Writing Tables with FPDF
FPDF Headers and Footers
More FPDF
The Report Class: PDF Output
Using the Report Class to Build Reports
A Generalized Reports Page
Chapter Summary
Chapter 8: Data Conversion
Conversion in the Development Process
Convert Early
Convert Often
Conversion Sources
Enumerating Conversion Sources
Static vs. Dynamic Sources
Connecting Directly to the Source Database
Export Formats
Generating Conversion Programs Automatically
Dates, Times, and Character Conversion
Wacky Date Formats
Handling Times
Character Conversions
After Conversion
Testing the Converted Data
Fixing Bad Data
Keeping Unconverted Data
Variant Names
Consolidate After Conversion
Discovering Name Variants
Organizing the Database Search
Replacing Foreign Keys
Finding the Foreign Keys
Marking Replaced Rows
Chapter Summary
Index